fix: ignore case when comparing remote SHA-1 checksums#1600
Draft
algomaster99 wants to merge 2 commits into
Draft
fix: ignore case when comparing remote SHA-1 checksums#1600algomaster99 wants to merge 2 commits into
algomaster99 wants to merge 2 commits into
Conversation
2bf31b0 to
64f4a27
Compare
Reproduces issue #1599: when a repository manager serves the .sha1 verification file using upper-case hex digits, RemoteChecksumCalculator rejects the downloaded artifact because it compares the remote checksum case-sensitively against the lower-case checksum it calculates locally. The test drives calculateArtifactChecksum against a mock HTTP repository that returns an upper-case SHA-1, and expects the artifact's checksum to be returned. This currently fails. https://claude.ai/code/session_01UTaAj5R3fTpqRcqHZCBUJ3
741ef5d to
843c443
Compare
Repository managers proxying Maven Central (e.g. Nexus/Artifactory) may serve checksum files using upper-case hex digits, while the locally calculated checksum is always lower-case. Comparing case-sensitively rejected these as mismatches, producing spurious "Invalid SHA-1 checksum" failures. Use equalsIgnoreCase so the download verification accepts them. Fixes #1599 https://claude.ai/code/session_01UTaAj5R3fTpqRcqHZCBUJ3
Member
Author
|
There needs to be investigation about the test. The assertion seems to fail because |
fz-rh
approved these changes
Jul 2, 2026
fz-rh
left a comment
Collaborator
There was a problem hiding this comment.
I think it works fine. Both the test and the fix. Assuming you are able to connect to localhost.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Fixes #1599.
Problem
When
RemoteChecksumCalculatorcannot fetch a remote checksum file and falls back to downloading the artifact, it verifies the download against the repository-provided.sha1file. The comparison was case-sensitive:A repository manager proxying Maven Central (e.g. a company Nexus/Artifactory) can serve the
.sha1file using upper-case hex digits, while the locally calculated checksum is always lower-case. This produced spurious failures:Changes
This PR is intentionally split into two commits so CI demonstrates the bug, then the fix:
calculateArtifactChecksumagainst a mock HTTP repository that returns an upper-case.sha1, expecting the artifact's checksum to be returned. Fails before the fix.equalsIgnoreCase.🤖 Generated with Claude Code
Generated by Claude Code